package net.expectx.pay.realm;


import net.expectx.common.single.util.Md5Util;
import net.expectx.pay.common.AdminConstants;
import net.expectx.pay.dao.bean.PermissionUser;
import net.expectx.pay.dao.bean.PermissionUserExample;
import net.expectx.pay.rpc.api.PermissionUserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.List;

/**
 * 用户认证和授权
 *
 * @author jianhun
 * @date 2018/5/16
 */
public class ExpectXRealm extends AuthorizingRealm {

    private static final Logger LOGGER = LoggerFactory.getLogger(ExpectXRealm.class);
    @Autowired
    private PermissionUserService permissionUserService;

    /**
     * 授权：验证权限时调用
     *
     * @param principalCollection
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {

        String username = (String) principalCollection.getPrimaryPrincipal();
        LOGGER.info("进入ExpectXRealm(验证权限时调用)-----doGetAuthorizationInfo");

        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        return simpleAuthorizationInfo;

    }

    /**
     * 认证：登录时调用
     *
     * @param authenticationToken
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        LOGGER.info("进入ExpectXRealm(登录时调用)-----doGetAuthorizationInfo");

        String username = (String) authenticationToken.getPrincipal();
        String password = new String((char[]) authenticationToken.getCredentials());

        // 查询用户信息
        PermissionUserExample permissionUserExample = new PermissionUserExample();
        permissionUserExample.createCriteria().andUserNameEqualTo(username);
        List<PermissionUser> permissionUsers = permissionUserService.selectByExample(permissionUserExample);
        if (permissionUsers.isEmpty()) {
            throw new UnknownAccountException();
        }
        PermissionUser permissionUser = permissionUsers.get(0);
        if (!permissionUser.getPassword().toLowerCase().equals(Md5Util.md5(password + permissionUser.getSalt()).toLowerCase())) {
            throw new IncorrectCredentialsException();
        }

        if (permissionUser.getIsLocked() == AdminConstants.YES) {
            throw new LockedAccountException();
        }
        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession();
        session.setAttribute("permissionUser", permissionUser);
        return new SimpleAuthenticationInfo(username, password, getName());

    }

}
